Microsoft Office 365 security best practices for business

Office 365 is a popular business platform worldwide. Its blend of collaboration tools, office apps, and cloud storage components makes Office 365 a go-to option for many companies. But the popularity of Office also makes it a popular target for cyber-attackers.

Securing data and protecting assets is critically important when using Office 365. This blog will discuss the major threats faced by users and we will suggest some security best practices. Office 365 is a safe place to run business operations. But you need awareness and policies to make that safety a reality.

How secure is Office 365?

Office 365 is a suite of cloud-based business tools. Like all cloud applications and platforms, Office is vulnerable to external attackers. Cyber-attackers can breach user defenses. They can access sensitive data, disrupt operations, and cause plenty of damage before they are stopped.

Security concerns are real. Up to 85% of organizations using Office 365 suffered an email data loss in 2021. 15% of organizations using the platform suffered more than 500 breaches in the same year. Just 4% of organizations not using Office 365 reported the same data breach frequency.

Microsoft has toughened Office security features in the past few years. However, Office 365 users still need to control their security posture. If you can find a secure configuration that meets your needs, you can use the platform safely. The first step in doing so is mastering the security features supplied by Microsoft.

Security features in Office 365

Users can access most Office 365 security features via the Security and Compliance Center on Microsoft Accounts. This cloud-based portal allows users to choose several critical security functions. These functions include:

1. Identity and Access Management (IAM)

Microsoft’s IAM solution lets you set up digital identities for all Office users.

Every user has a digital identity containing their authentication details and authorization information. This lets administrators add adaptive multi-factor authentication for all log-ins. Admins can manage passwords efficiently, onboard and remove users as needed.

IAM also allows you to manage authorization options for all users. Admins can set privileges based on roles or individual requirements. This limits app access to users with appropriate permissions. Unauthorized outsiders won’t be able to intrude.

2. Information security

With Microsoft Information Protection (MIP), users can manage data as it travels across Office cloud resources and even on remote work devices.

Users can classify data to ensure it only reaches authorized devices. Set different sensitivity levels to make data available or defend it as required.

Classification works alongside Data Loss Prevention (DLP) and Microsoft Information Governance (MIG) tools. Create robust security controls for confidential data, and set lifecycle controls to delete data when it is not needed.

3. Threat defenses

Microsoft offers Office-native Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) features. Together, they neutralize cyber threats and track traffic to assess security weaknesses.

Azure Sentinel is a SIEM system that uses Artificial Intelligence to monitor the Office environment. Sentinel can track every active Office application and device. Security teams benefit from real-time visibility across the threat surface.

Azure Defender and Office 365 Defender are XDR tools. They extend threat detection to all endpoints, including email accounts and cloud applications.

4. Risk management

Office 365 includes a suite of tools to manage risks and ensure compliance. These tools identify and classify risks, focusing on data protection across an Office 365 environment.

Risk management tools allow security teams to assess insider threats, manage the risk of insecure communications, and fine-tune privileges for admin accounts. Audit tools let you drill down into compliance issues until every data security weakness is covered.

What are the most important Office 365 security concerns?

The security tools above are comprehensive and flexible. But they are generally voluntary. Users need to create their own security setup and choose measures that fit their Office implementation.

Office 365 leaves plenty of room for misconfigurations. And these gaps are the ideal space for attackers to work. Here are some critical threats for security managers to assess:

1. Credential theft and unauthorized access

Cyber attackers may gain access to your entire Office 365 environment if they steal user credentials. Users can leak credentials in many ways. For instance, employees could:

Share information insecurely via Office collaboration apps
Click on attachments that extract personal data
Follow unsafe links in social engineering email messages
Install malware onto a connected device

Credential theft is a constant security concern for Office 365 managers. Office does include multi-factor authentication, but MFA is not enabled as a default. Many companies forget to apply extra authentication and suffer as a result.

2. Unsafe privileges

According to Zero Trust principles, Office 365 users should have access to the resources they need and nothing more. Limiting access to sensitive data makes data extraction and loss less likely. Hackers cannot freely access data. Employees won’t be able to leak data during their tasks accidentally.

However, privileges creep can lead to too many people having access to too much data. By default, every Global Administrator Account has extensive privileges. Security teams need to restrict admin accounts manually. This potentially leaves scope to abuse access and steal data.

3. Data loss

Data breaches are a nightmare scenario for Office 365 managers, but they are possible without adequate security controls.

The major problem here is sharing. Office is built to enable information exchange. Workers share documents, conversations, databases, and much more. This is great at an operational level. But the flow of data is a security problem.

Data can leak via many storage locations or sharing tools. Employees may not know about data sharing risks or how to store data securely. And data can pass to unauthorized third parties without the knowledge of security teams.

4. Complacency

Many companies move from on-premises Office implementations to cloud-based 365 environments. While the applications are familiar, the security context of these two setups is very different.

Security managers may lack visibility of all cloud endpoints and in-use applications. They may lose sight of data containers or fail to turn on necessary security features. Sharing tools like SharePoint present new risks, such as allowing access for third-party guests. But these new risks aren’t always detected during cloud transitions.

Office 365 security best practices for business

the best practices for using microsoft office 365 for business

What can businesses do about the security threats listed above? The answer lies in applying Office 365 security best practices. By following these security practices, you can enjoy the benefits of information sharing and keeping data safe.

1. Enable IAM

Access management is the top priority when securing Office 365 environments. Companies must create a secure perimeter and restrict access for unauthenticated users. Users should have the privileges they need to carry out work, but no more access than they require.

Office 365 has built-in IAM tools to control authentication and authorization centrally. Set conditional access policies for every role and back up password access with MFA technologies. Bring all Office 365 apps together via Single Sign On (SSO). This makes it easier for employees to manage passwords. It also simplifies access management for security professionals.

It is advisable to create separate user accounts for admins with elevated privileges. Every admin account requires maximum protection. Users should only use administrative accounts for specialist tasks, and rely on other accounts for everyday work.

2. Educate users to understand Office 365 security

Employees must know how to avoid phishing attacks. Build anti-phishing training into all onboarding processes and refresh this knowledge regularly. Workers should always be aware of dangerous email attachments and how to spot malicious links.

Users also require training in how to share information securely. Educate staff on how to use SharePoint and Teams without compromising security.

3. Collaborate securely

Education combines with robust collaboration app security to protect data in-transit. Install DLP systems to track sensitive files and ensure they stay within the network perimeter. DLP will alert managers if employees share critical data, and block any illegitimate transfers.

Set up Message Encryption on Teams and other communication tools. This protects the content of messages. Only authorized users will be able to read messages or open files.

Use Safe Attachments to scan all email attachments and shared files. Extend attachment protection to Teams, SharePoint and OneDrive so that all potential endpoints enjoy security coverage.

4. Put in place anti-phishing protections

Office 365 includes specialist tools to handle phishing attacks. These advanced threat protection tools go beyond trusting employees not to open malicious links. They actively inspect emails to detect malicious content.

For example, users can sandbox attachments automatically with Application Guard. This creates a protected environment to open pdfs or spreadsheets. Application Guard scans files to detect unsafe sources. This matters because Office files are common attack vectors. Sandboxing makes it much less likely that an innocent document will spark a security alert.

Safe Links is another useful anti-phishing tool that scans URLs to detect security concerns. And you can set “external” email tagging for inbound messages. This alerts users to be careful when opening external communications.

These measures do not remove all phishing risks. Zero-day threats are still an issue. But together, Application Guard, email tagging and Safe Links provide plenty of defense against social engineering attacks.

5. Use anti-malware solutions

When anti-phishing measures fail, malware protection tools enter the picture. Office 365 users should take advantage of Microsoft’s anti-malware tools wherever possible.

Implement SIEM protection via Azure Sentinel, and use XDR to scan all endpoints. These two tools work together to detect malware infections and quarantine affected files. This should neutralize ransomware attacks before they take down network infrastructure.

6. Strengthen your password policies

User access is the major Office 365 security weak point. And credential theft is the most common attack vector. Make it harder to mount credential stuffing attacks by enforcing strong password policies across all users.

Make sure Office users avoid real names and familiar words. Include multiple symbols and numbers, in combinations that are impossible to anticipate. Use password manager tools to store and update passwords. This reduces the risk of human error.

Generally, make sure users do not reuse passwords from other network assets. Every Office 365 user requires unique credentials, with no exceptions.

7. Strengthen data security controls

Employ MIP to lock down sensitive information and allow access to less important data. Office 365 lets you label sensitive information such as personally identifiable information (PII) and financial records. These labels enforce tools to keep sensitive data secure, such as encryption or watermarking.

DLP also allows you to track data movements and prevent data leaving organizational boundaries. This makes it easier to work remotely without creating additional data loss risks.

8. Check compliance and security scores

Data security measures aim to meet strict compliance goals. For instance, you may need to protect financial records to comply with PCI-DSS, or meet HIPAA rules when handling patient details. Microsoft has created tools to make the compliance task easier, so use them when available.

The Office 365 compliance portal provides guidance for meeting important regulations. It also includes a compliance score that charts your progress. Updated in real-time, the compliance score suggests required actions. It provides a useful road map to compliance across all Office 365 services.

Office also provides an overall Secure Score. This can be found in the Security Center, which records a percentage based on an organization’s security posture. Adding extra security measures boosts the score, and the system delivers recommendations based on your Office 365 setup.

9. Optimize mobile device security

Employees may use mobile devices to access Microsoft’s SaaS applications. This particularly applies to companies with large communities of remote workers or BYOD setups. In any case, it is advisable to implement Mobile Device Management (MDM) security solutions,

Office 365’s MDM tools encrypt confidential data on mobile devices. They can wipe data from devices in the event of theft. And they prevent network access for stolen or compromised devices.

10. Put in place rock-solid Office auditing

Be sure to enable the Unified Audit Log via the Office 365 Security Center. The UAL lets you track user activity across all accounts. You can see who is sharing information and how that information spreads across your cloud environment.

By default, audit logs provide 90 days of historical information, which isn’t that much. However, you can extend the scope of audit logging to as long as ten years if desired. Longer periods provide a better evidence base for compliance management, but you will need measures to efficiently store and search audit data.

Ensure secure access to Office 365 with NordLayer

Collaborate, strategize, and store data safely with our office 365 security best practices. On-board security tools and solid staff education let you use Microsoft’s business environment without creating unnecessary risks.

However, just relying on Office 365 controls is a risky move. That’s especially true for companies with hybrid cloud environments who manage multiple platforms and require secure access to SaaS apps. In those cases, it makes sense to apply enterprise-wide security solutions like NordLayer.

NordLayer’s IP allowlisting tools supplement Office 365 security controls. Admins can define a list of authorized addresses. These IP addresses are then permitted access to Office resources. Unlisted devices are excluded or require additional verification.

NordLayer encrypts traffic passing between employee devices and Office 365, countering man-in-the-middle style attacks. Threatblock also blocks malicious websites, reducing the risks posed by phishing attacks. Use Microsoft’s internal features to secure Office 365. But go further, integrating Office into your wider cybersecurity setup. To find out more, contact the NordLayer team today.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

These days, cybercrime is rampant. It’s no longer a matter of “if” you’re going to suffer an attack but “when” it will happen. All companies want to be ready for any crisis. And this is where a business continuity plan comes into play.

But what is a business continuity plan exactly? Why is it important? What should one include? Today, we’re exploring all these questions in-depth.

What is a business continuity plan?

A business continuity plan (BCP) is a document that sets guidelines for how an organization will continue its operations in the event of a disruption, whether it’s a fire, flood, other natural disaster or a cybersecurity incident. A BCP aims to help organizations resume operations without significant downtime.

Unfortunately, according to a 2020 Mercer survey, 51% of businesses across the globe don’t have a business continuity plan in place.

What’s the difference between business continuity and disaster recovery plans?

We often confuse the terms business continuity plan and disaster recovery plan. The two overlap and often work together, but the disaster recovery plan focuses on containing, examining, and restoring operations after a cyber incident. On the other hand, BCP is a broader concept that considers the whole organization. A business continuity plan helps organizations stay prepared for dealing with a potential crisis and usually encompasses a disaster recovery plan.

Importance of business continuity planning

The number of news headlines announcing data breaches has numbed us to the fact that cybercrime is very real and frequent and poses an existential risk to companies of all sizes and industries.

Consider that in 2021, approximately 37% of global organizations fell victim to a ransomware attack. Then consider that business interruption and restoration costs account for 50% of cyberattack-related losses. Finally, take into account that most cyberattacks are financially motivated and the global cost of cybercrime topped $6 trillion last year. The picture is quite clear — cybercrime is a lucrative venture for bad actors and potentially disastrous for those on the receiving end.

To thrive in these unpredictable times, organizations go beyond conventional security measures. Many companies develop a business continuity plan parallel to secure infrastructure and consider the plan a critical part of the security ecosystem. The Purpose of a business continuity plan is to significantly reduce the downtime in an emergency and, in turn, reduce the potential reputational damage and — of course — revenue losses.

Business continuity plan template

Password security for your business

Store, manage and share passwords.

Get NordPass Business

30-day money-back guarantee

Business Continuity Plan Example

[Company Name]

[Date]

I. Introduction

Purpose of the Plan
Scope of the Plan
Budget
Timeline

The initial stage of developing a business continuity plan starts with a statement of the plan’s purpose, which explains the main objective of the plan, such as ensuring the organization’s ability to continue its operations during and after a disruptive event.

The Scope of the Plan outlines the areas or functions that the plan will cover, including business processes, personnel, equipment, and technology.

The Budget specifies the estimated financial resources required to implement and maintain the BCP. It includes costs related to technology, personnel, equipment, training, and other necessary expenses.

The Timeline provides a detailed schedule for developing, implementing, testing, and updating the BCP.

II. Risk Assessment

Identification of Risks
Prioritization of Risks
Mitigation Strategies

The Risk Assessment section of a Business Continuity Plan (BCP) is an essential part of the plan that identifies potential risks that could disrupt an organization’s critical functions.

The Identification of Risks involves identifying potential threats to the organization, such cybersecurity breaches, supply chain disruptions, power outages, and other potential risks. This step is critical to understand the risks and their potential impact on the organization.

Once the risks have been identified, the Prioritization of Risks follows, which helps determine which risks require the most attention and resources.

The final step in the Risk Assessment section is developing Mitigation Strategies to minimize the impact of identified risks. Mitigation strategies may include preventative measures, such as system redundancies, data backups, cybersecurity measures, as well as response and recovery measures, such as emergency protocols and employee training.

III. Emergency Response

Emergency Response Team
Communication Plan
Emergency Procedures

This section of the plan focuses on immediate actions that should be taken to ensure the safety and well-being of employees and minimize the impact of the event on the organization’s operations.

The Emergency Response Team is responsible for managing the response to an emergency or disaster situation. This team should be composed of individuals who are trained in emergency response procedures and can act quickly and decisively during an emergency. The team should also include a designated leader who is responsible for coordinating the emergency response efforts.

The Communication Plan outlines how information will be disseminated during an emergency situation. It includes contact information for employees, stakeholders, and emergency response personnel, as well as protocols for communicating with these individuals.

The Emergency Procedures detail the steps that should be taken during an emergency or disaster situation. The emergency procedures should be developed based on the potential risks identified in the Risk Assessment section and should be tested regularly to ensure that they are effective.

IV. Business Impact Analysis

The Business Impact Analysis (BIA) section of a Business Continuity Plan (BCP) is a critical step in identifying the potential impact of a disruption to an organization’s critical operations.

The Business Impact Analysis is typically conducted by a team of individuals who understand the organization’s critical functions and can assess the potential impact of a disruption to those functions. The team may include representatives from various departments, including finance, operations, IT, and human resources.

V. Recovery and Restoration

Procedures for recovery and restoration of critical processes
Prioritization of recovery efforts
Establishment of recovery time objectives

The Recovery and Restoration section of a Business Continuity Plan (BCP) outlines the procedures for recovering and restoring critical processes and functions following a disruption.

The Procedures for recovery and restoration of critical processes describe the steps required to restore critical processes and functions following a disruption. This may include steps such as relocating to alternate facilities, restoring data and systems, and re-establishing key business relationships.

The Prioritization section of the plan identifies the order in which critical processes will be restored, based on their importance to the organization’s operations and overall mission.

Recovery time objectives (RTOs) define the maximum amount of time that critical processes and functions can be unavailable following a disruption. Establishing RTOs ensures that recovery efforts are focused on restoring critical functions within a specific timeframe.

VI. Plan Activation

Plan Activation Procedures

The Plan Activation section is critical in ensuring that an organization can quickly and effectively activate the plan and respond to a potential emergency.

The Plan Activation Procedures describe the steps required to activate the BCP in response to a disruption. The procedures should be clear and concise, with specific instructions for each step to ensure a prompt and effective response.

VII. Testing and Maintenance

Testing Procedures
Maintenance Procedures
Review and Update Procedures

This section of the plan is critical to ensure that an organization can effectively respond to disruptions and quickly resume its essential functions.

Testing procedures may include scenarios such as natural disasters, cyber-attacks, and other potential risks. The testing procedures should include clear objectives, testing scenarios, roles and responsibilities, and evaluation criteria to assess the effectiveness of the plan.

The Maintenance Procedures detail the steps necessary to keep the BCP up-to-date and relevant.

The Review and Update Procedures describe how the BCP will be reviewed and updated regularly to ensure its continued effectiveness. This may involve conducting a review of the plan on a regular basis or after significant changes to the organization’s operations or threats.

What should a business continuity plan checklist include?

Organizations looking to develop a BCP have more than a few things to think through and consider. Variables such as the size of the organization, its IT infrastructure, personnel, and resources all play a significant role in developing a continuity plan. Remember, each crisis is different, and each organization will have a view on handling it according to all the variables in play. However, all business continuity plans will include a few elements in one way or another.

Clearly defined areas of responsibility
A BCP should define specific roles and responsibilities for cases of emergency. Detail who is responsible for what tasks and clarify what course of action a person in a specific position should take. Clearly defined roles and responsibilities in an emergency event allow you to act quickly and decisively and minimize potential damage.
Crisis communication plan
In an emergency, communication is vital. It is the determining factor when it comes to crisis handling. For communication to be effective, it is critical to establish clear communication pipelines. Furthermore, it is crucial to understand that alternative communication channels should not be overlooked and outlined in a business continuity plan.
Recovery teams
A recovery team is a collective of different professionals who ensure that business operations are restored as soon as possible after the organization confronts a crisis.
Alternative site of operations
Today, when we think of an incident in a business environment, we usually think of something related to cybersecurity. However, as discussed earlier, a BCP covers many possible disasters. In a natural disaster, determine potential alternate sites where the company could continue to operate.
Backup power and data backups
Whether a cyber event or a real-life physical event, ensuring that you have access to power is crucial if you wish to continue operations. In a BCP, you can often come across lists of alternative power sources such as generators, where such tools are located, and who should oversee them. The same applies to data. Regularly scheduled data backups can significantly reduce potential losses incurred by a crisis event.
Recovery guidelines
If a crisis is significant, a comprehensive business continuity plan usually includes detailed guidelines on how the recovery process will be carried out.

Business continuity planning steps

Here are some general guidelines that an organization looking to develop a BCP should consider:

Analysis

A business continuity plan should include an in-depth analysis of everything that could negatively affect the overall organizational infrastructure and operations. Assessing different levels of risk should also be a part of the analysis phase.

Design and development

Once you have a clear overview of potential risks your company could face, start developing a plan. Create a draft and reassess it to see if it takes into account even the smallest of details.

Implementation

Implement BCP within the organization by providing training sessions for the staff to get familiar with the plan. Getting everyone on the same page regarding crisis management is critical.

Testing

Rigorously test the plan. Play out a variety of scenarios in training sessions to learn the overall effectiveness of the continuity plan. By doing so, everyone on the team will be closely familiar with the business continuity plan’s guidelines.

Maintenance and updating

Because the threat landscape constantly changes and evolves, you should regularly reassess your BCP and take steps to update it. By making your continuity plan in tune with the times, you will be able to stay a step ahead of a crisis.

Level up your company’s security with NordPass Business

A comprehensive business continuity plan is vital for the entire organization’s security posture. However, in a perfect world, you wouldn’t have to use it. This is where NordPass Business can help.

Remember, weak, reused, or compromised passwords are often cited as one of the top contributing factors in data breaches. It’s not surprising, considering that an average user has around 100 passwords. Password fatigue is real and significantly affects how people treat their credentials. NordPass Business counters these issues.

With NordPass Business, your team will have a single secure place to store all work-related passwords, credit cards, and other sensitive information. Accessing all the data stored in NordPass is quick and easy, which allows your employees not to be distracted by the task of finding the correct passwords for the correct account.

In cyber incidents, NordPass Business ensures that company credentials remain secure at all times. Everything stored in the NordPass vault is secured with advanced encryption algorithms, which would take hundreds of years to brute force.

If you are interested in learning more about NordPass Business and how it can fortify corporate security, do not hesitate to book a demo with our representative.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Securing Your Plant Without Shutting It Down: Navigating the Intersection of IT and OT

If one of your organization’s goals for 2023 is to implement a robust OT/ICS cyber security solution (and here’s why it absolutely should be, even if budgets are a little tight!) you may need a little help wading through the plethora of options, making a plan, and selling it to your CISO and board. There are many solutions being marketed out there, and many organizations willing to offer advice.

SCADAfence recently published a vendor-agnostic guide to choosing an OT Cyber Security solution that details why OT cyber security differs from IT cyber security and what you need to know to choose the solution that’s best for your organization. In this post, we’ll delve deeper and explore why a complete integration is so important.

The U.S. National Institute of Standards and Technology (NIST) also released a draft version of a detailed technical guide to implementing OT security, with the final edition expected later this year. We suggest you download and read that as well.

One important thing to remember is that even if you don’t have a complete OT security solution at the moment, you still are probably not starting from scratch.

Enter the so-called expert from IT.

Integration Between OT and IT Is Essential

As we discovered recently on reddit, every control system engineer has a horror story to share about an IT guy who showed up on the floor of the manufacturing facility with a poorly thought out plan to install or upgrade or a cyber security solution. They proceed to scan every device on the OT network with a tool not-quite designed for the job and leave a disaster in their wake. Machines shut down. Production lines halted. Productivity out the window. Fingers pointed directly at the OT engineers.

We understand why most OT engineers would prefer to keep IT experts out of the factory, and back in the office, where they belong. But the fact is, OT networks require cyber security protection too. (And because a cyber attack in the OT world risks harming physical safety, not just data, the need is actually higher.)

However, as the integration of IT and OT systems becomes increasingly connected in functionality, it’s important to ensure that their cyber security solutions are well-integrated as well.

IT systems are usually more mature, based on common operating systems such as Windows OS or Linux, and have more options available. OT systems on the other hand, are often more fragile and built on custom software, but are more critical to an organization’s mission.

Therefore, as much as the OT teams might prefer to keep the IT teams out of their workspace, it is important for them to work together. Make sure roles and responsibilities are well-defined and it’s clear who holds final accountability for making sure your facility is secure.

Identify Your Specific Use Case

Before selecting an OT cyber security vendor, it’s essential to prepare and validate a clear list of IT integration use cases, and ensure that your chosen vendor is able to meet those needs

A sound and complete integration between OT and IT security solutions should accomplish several things. First, it should allow for the flow of information between the two systems. This means that the OT team can receive alerts and notifications from the IT system, and vice versa. Second, a seamless integration should allow for forensic analysis to be conducted across both systems if needed. Third, remote users that are authenticated by the IT systems, may need access to OT systems as well. Therefore, a proper solution will allow a way for users logging on remotely to get the access they need at the correct level of authorization.

This means that the solution should integrate seamlessly with other tools that are already in place. For example, SCADAfence integrates with a number of different security vendors, such as Rapid7, Keysight, and Secureworks. An open API that allows for maximum flexibility is ideal, as it allows you to tailor the integration to your specific use case rather than being limited to pre-set integrations that may not meet your needs.

Increased Visibility And Other OT Needs

In addition to the OT/IT integration, there are many other things to look for in an OT solution. Including, yes, the ability to passively scan the network to create a detailed inventory of every device without causing damage and shutting down the network. Other must-haves include quick installation time, low false positive rates, and tailored risk alerts. These are all covered in detail in the guide as well.

So, when the CISO, IT person or other member of senior management tells you they want to bring in a cyber security expert, instead of tossing them out on their head and bolting the door, invite them in, be prepared, and talk about how best to work together.

To get more advice and information about choosing an OT cyber security solution, download our complementary guide.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

2023 SCADAfence

Why we chose to be a fully remote company (and how we make it work)

At runZero, a physical office isn’t what unites us–it’s our mission that brings us together.

We are proud of the fact we are a 100% remote team,distributed across 10 states. From software engineers to product developers, we aim to help organizations keep their networks secure–all from the comfort of our own homes.

People often ask me why we chose to be a fully remote company from the beginning. As we look to grow, I wanted to take time to elaborate on why we made this choice, the benefits to our company and employees, and how we cultivate our culture without a shared office space.

Why remote-only was the right choice

I joined runZero in late 2020, two years after our founder, HD Moore, started the company. We were in the middle of a pandemic, and our conversations quickly turned to the practicalities of running a startup remotely. Because the whole world was still working remotely due to the pandemic, opening an office just didn’t make sense at the time.

HD felt that he could run the engineering side of things remotely from Austin, TX, and he asked if I needed a sales office in Boston. With all the tools at our fingertips today, I knew I could accomplish most tasks remotely.

My perspective was that working in an office is only important for certain meetings and social interactions. It’s not required for individual, focused-work (unless you have a lot of people in your apartment and need a quiet place to work,but even then, there are other options to meet that need such as coworking spaces).

All that to say: my immediate instinct was runZero could run very well remotely.

Hybrid work is the worst of both worlds

Hybrid usually means employees are in the office around 3 days a week. Employers usually allow people to have some level of freedom over the days they choose to be in the office, so they still get the flexibility from remote work. As a result, it’s difficult to get everyone at the office at the same time.

These hybrid models work in theory, but to me, they seem to bring out the worst parts of each working environment. You still feel isolated (a challenge of remote work), even though you are technically back in the office. You’re able to meet with your colleagues in-person, but never at the same time. So what’s the point?

Hybrid models are also not conducive to productive meetings. Trying to optimize an audio and video setup for in-person and remote meetings is an exercise in futility. One person is drawing on a whiteboard you can barely see, and another is struggling to hear what’s going on through the dreaded Polycom.

Meanwhile, if everyone is on a Zoom call, we can all hear and see each other simultaneously and clearly. Video-conferencing software has improved drastically over the last few years and video and audio quality is heads and tails above typical conferencing options, which allows for efficient and productive meetings.

On a personal level, this is how I prefer to work. I don’t have to sit in a car for two hours a day to get to an office and to run between different meeting rooms at different times. I can prepare healthy meals and pop in a load of laundry in between writing up strategic reports.

Beyond that, however, there are tangible benefits to the company itself that made our decision to become 100% remote an easy one.

Remote work attracts the best talent and gives us an edge over the competition

As things slowly returned to normal in 2021, more companies began to ask employees to come back to the office. However, not all of them wanted to return.

We saw this as a competitive advantage for us. We offered a workplace that allowed for talented individuals to continue working independently, while also being part of a team that shared their values. The certainty that we were never going to ask people to come to an office was a big plus for a lot of people.

In turn, the talent pool we could choose from actually broadened. Now we could pick up people from companies that wanted employees to return when they didn’t want to. We weren’t restricted to a single city either. We could attract quality candidates nationwide and hire, onboard, and train them quickly and efficiently. That’s a cost advantage that we can reinvest in the company.

As a result, our employees have also shared feedback that they are able to maintain a better work-life balance, while also feeling connected to the company mission.

Staying Connected While Apart: How We Cultivate a Company Culture

Admittedly, a formidable challenge to not having a physical workplace is missing out on what I would call ‘water cooler chatter’: those impromptu conversations. Sometimes they were about work, other times about our personal lives. These moments are crucial to helping teams feel connected to a shared experience.

However, company culture is so much more than incidental conversations around the office. It’s about people feeling like they are truly a part of something, and that kind of culture is cultivated thoughtfully and holistically.

First and foremost, understanding our cultural values was key to helping us build a remote culture – or any company culture. Then, our focus shifted to understanding how we help connect people to those values, help people develop 1-on-1 relationships, and foster interpersonal communication that builds the fabric of the company.

Let’s talk about some practical ways we foster and maintain company culture across time zones and locations.

Practical Ways we Manage Culture (and the tools we use!)

We still see the value of in-person interactions. We choose differently.

Our approach to communication is if it involves simply transferring knowledge or information, it can be accomplished virtually (through Slack, Zoom, or recorded video).

For example, we host monthly virtual town halls, which all employees and executives attend. Town halls are an important way to keep information flowing. We are open about our standing as a company, where we are going, and what’s coming next. Transparency is an even higher priority when you operate as a 100% remote company, and that’s why it’s one of our core values.

To set the tone for our time together, we usually kick off each meeting with a soundtrack. One time, after we closed a big customer in the telecommunications space, we played Lady Gaga’s “Telephone”. We take our work seriously, but we also like to have a little fun.

Since our town halls focus mainly on sharing information, they can be virtual. Meanwhile, we reserve in-person events for culture-building activities and interactions.

For example, we had our first ever company-wide meeting in-person in October 2022 in San Diego, an event we plan to host yearly. We had two to three hours of scheduled time during the day that involved sitting in a room pouring over information. The rest of each day was dedicated to team building exercises and common activities to foster lots of unstructured interactions. We also plan to meet up a second time each year for a go-to-market kickoff.

We use communication tools effectively and creatively

As you can expect, we use Slack for work-related communications, including weekly one-on-ones and asynchronous communications on important work matters.

We also use it as a way for everyone to connect. Lots of people check in with each other in the morning on the #casual-random Slack channel. We have a channel for foodies, movies, books, pets, kids,and many other channels to help employees connect who live in the same geographical area and sometimes get together in-person.

When you work remotely, almost every interaction is scheduled, and it can start to feel too structured. To help with this, we use Donut.com; it picks two random people within the company’s Slack that haven’t chatted in a while and pairs them up that month for a 30 minute one-on-one meeting. This meeting has no specific business purpose; it is simply there to mimic–to some degree–those casual water cooler conversations. This tool is a great way to make those types of conversations happen, and we have received positive feedback from employees who have built relationships this way.

Another tool we have used is called Gather.Town. You walk around a room that looks like an 8-bit game. As you wander, you can hear and see people standing near you (virtually), similar to a cocktail party. It’s a fun, gamified way to have a sort of happy hour with colleagues.

Our Head of People, Madison Smiser, has also been organizing company coffees (some virtual, some in-person where possible), show and tells, and breakout groups. We certainly don’t have it all figured out, but we are always listening to feedback and trying out new things. We know that socializing is an important part of building culture inside a company (remote or not).

Is going remote the right choice for you?

Truthfully, remote work is not for everyone, and that’s okay. Some people don’t have the physical workspace or environment to work remotely, while others work in service-based industries or manufacturing where it’s not a feasible option.

There are certainly challenges to running a remote company, but at the end of the day it can contribute positively to employee satisfaction and culture. There is something fascinating about the level of trust that binds a team together when everyone works remotely. It’s a benefit that comes from being in completely different places and, yet, still feeling connected.

If you’re interested in joining a fully remote workplace that’s building culture in creative ways, check out our Careers page.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

runZero 2023

Pandora FMS Journey to the Middle East, Black Hat MEA 2022

At Pandora FMS we like to travel! Traveling, meeting people, bonding… And barbecues or country getaways are great, but there’s nothing we like more here than an event focused on technology! That’s why we accepted the exceptional invitation to the latest Black Hat MEA edition held at Riyadh, Saudi Arabia last November. There we went, to the Middle East no less, with our stand and our roll up, to present our respects, and services, to the most cutting-edge community that exists out there.

Pandora FMS visits Black Hat MEA 2022, the event of the year

For those who are not aware of all this stuff: Black Hat MEA is a fairly iconic cybersecurity event, with year-round ethical hacking courses and offensive security classes that everyone wants to attend. A global event that pushes the secrets of data security to the limit. The largest information security trade show held anywhere in the world in 2022, bringing frontline and technology-loving companies together annually in a professional and festive atmosphere. But I will explain. We better talk to our lucky Pandora FMS colleagues who were able to attend this latest edition on behalf of our community. Alberto Sánchez, Systems Technician and Alexander Rodríguez, Salesperson.

Alexander, what would you say Black Hat MEA was like for Pandora FMS?

I think the event was a great chance! Having a space within the booth provided by our exclusive partner in Saudi Arabia, LoopTech, was wonderful.

It allowed us several positive meetings with clients. In addition, we had the honor to receive the visit of his Excellence Advisory Mr. Turki Alshikh. We were able to present him not only Pandora FMS, but the rest of the solutions in the field of Cybersecurity that our partner Looptech has. We were very happy to receive a lot of positive feedback from the product. Without a doubt, having participated in this event will help us achieve a better position in the Middle East market.

What did you learn from a place like Saudi Arabia and its people?

Saudi Arabia surprised me a lot. It is a country that is growing very fast. Although it still retains authenticity in the mud buildings in the middle of the desert and the spectacular sunsets on the dunes. Its people are super friendly and are willing to help you in everything necessary to make your stay as pleasant as possible. Most people speak English so it was very easy to communicate. And I was hugely impressed that everything there is “go big or go home”: great plates of food, huge malls… I would go visit the country again, without a doubt, to continue finding out more about its culture.

And you, Alberto? What do you think Pandora FMS contributed to Black Hat MEA?

I believe at least that Pandora FMS contributed to difference and originality, compared to the rest of solutions that showed up to the event. As you already know, Black Hat MEA was focused in cybersecurity, meaning there were thousands aimed at email or mobile security, others focused in failure detection and there were those that avoid intruder access to devices. Well Pandora FMS, among all of them, proved to be the tool that better looked after device health. That its essential security feature is simply to prevent device malfunction thanks to monitoring, was something that stood out above the rest.

Any special memories of such an incredible journey?

It’s a tough question, because the whole trip was incredible. The kindness and “brotherhood” of the people was shocking. It was surprising the diversification of cultures that we experienced with people from all over the world, and the number of students who visited us asking really difficult questions to answer… But, if you insist, I’ll tell you a very funny moment that stuck with me. During a demo we could see that a group of students from the women’s university in Riyadh stared at us and laughed. When we finished the demo, we invited them to ask things about Pandora FMS and we took the opportunity to ask them why they were laughing during my demo, you know, in case we had failed at something… Their answer, while laughing, was that the word “Pandora” in Arabic is “Tomato”. For the rest of the event we struggled, at the booth, to say Pandora FMS without a smile on our faces.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Pandorafms 2023

What happens when your router is hacked?

Most people understand that routers can be hacked, but not everybody realizes just how damaging this kind of cyberattack can be. In this article, I will explain exactly how a hacker can target your router, what the consequences could be, and what you can do to protect yourself.

Most users underestimate the risk

No one wants to be hacked, but it’s easy to come up with excuses for not addressing router security issues — excuses like:

Hackers don’t want to hack me (aka: “I have nothing to hide” or “My data isn’t valuable to anyone”).
It’s too complicated to secure my router and configure it properly.
I assume that it’s secure by design (aka: “I trust my ISP to secure it”).

Do these excuses look reasonable to you? Maybe, but the truth is that most hackers would be happy to attack your router if it’s not properly protected, especially if they can do so quickly.

Securing your router is not technically complicated – you don’t need an IT specialist to keep your router safe anymore than you need an automobile engineer to drive your car. Making sure your router is protected should be a standard part of internet use.

Finally, you should not trust your internet service provider (ISP) to keep you safe. More often than not, its security measures are inadequate.

Types of vulnerabilities

Routers are commonly attacked using five main methods. In all the cases, an attacker gets root access (also known as administrative access) and gains full control of the device. The following list begins with the most unlikely and challenging hacks and ends with most common methods, which are also the easiest for the hacker. Each method also comes with an example of the tools and exploits a hacker could use to carry them out.

Physical (Hacking level: extremely difficult)

A physical attack requires the hacker to get physical access to your router. If they manage this, they can bypass security measures and get full administrator access. This process usually involves connecting the router to special hardware (in most cases, a serial console or JTAG).

While it may be a challenge for them to get close to your home router, hackers can use other ways to gain physical access to these devices. For example, they could target an outdoor wireless extender placed in the yard or a wireless router in a hotel that is used by guests.

Example: Almost any device with easy access to TTL or JTAG (for example, D-Link DIR-825AC) could be used to launch this hack. JTAG can also be used legitimately to unlock and customize a router.

Local authenticated (Hacking level: moderately difficult)

To perform a local authenticated attack, a hacker must connect to your LAN (local area network) or Wi-Fi. Usually this involves connecting a tiny device to a free network socket or cracking a weak wireless password.

The hacker must also know the default administrator’s password (or be able to brute force it). Collections of default router passwords are available to hackers online as well as tools that allow them to brute force weak passwords. Infecting a local connected device, like a laptop or smartphone, could give the hacker the same level of access to your local network.

Example: The Telia Technicolor Samba symlink exploit. This is also used by non-malicious technicians to jailbreak locked devices.

Local unauthenticated (Hacking level: challenging)

Like the local authenticated method, a local unauthenticated attack requires the hacker to connect to the LAN or Wi-Fi or to infect a local device. This time, however, the hacker does not need to know the administrator’s password.

Usually, local unauthenticated attacks involve exploiting some software vulnerability in your router’s firmware (for example, the buffer overflow in its web management function) or accessing misconfigured components (like a default telnet left without password protection).

Example: The Mikrotik RouterOS vulnerability CVE-2018-14847 and the Telia ADB hardcoded “tadmin” superuser method.

Remote authenticated (Hacking level: relatively easy)

Remote authenticated attacks are possible against certain routers via the internet, so the hacker doesn’t need to be close to you or join your LAN. They still need to know some default credentials to bypass the service password, but they can also brute force it if necessary.

Example: The Huawei LANSwitch model with a default Web UI open to the internet. This exploit was resolved in January 2023 but still acts as a good example of a remote authenticated threat — albeit one that is no longer active.

Remote unauthenticated (Hacking level: very easy)

Remote unauthenticated attacks are the worst-case scenario. Remote unauthenticated attacks can occur if anyone can access the router from the internet, without needing an administrator’s credentials.

Usually, if a router can be accessed in this way, it is the result of the device coming with bad default configuration, a hidden backdoor, or a vulnerability in the software. In some nightmare scenarios, a router may end up with all three of these issues.

A router with these problems can be quickly scanned and exploited by thousands of automated bots or commercial providers (Shodan, for example). It takes between a few minutes and a few hours for the first bot to reach the device once it’s been connected to the internet. After scanning the router, a bot will be able identify the model and use the appropriate script to gain the access.

Example: Security flaws in multiple cheap routers sold on Amazon and Walmart. While these two examples are particularly egregious, many other routers may have the same issues.

What happens once you’ve been hacked?

Your router has been hacked. What happens now? After gaining root access, the attacker’s power over the device is unlimited. Here are some of the steps a hacker might take next:

Add a persistent backdoor to allow for remote device use or botnet inclusion.
View your unencrypted traffic in plain text (using tcpdump, for example).
Carry out deep packet inspection (DPI) on any encrypted traffic.
Redirect your traffic (for example, through DNS spoofing or by using iptables).
Launch social engineering attacks against you (for example, a hacker could redirect you to a fake website, pretending to be your online banking platform, where you might expose sensitive information).
Disconnect you from the internet and demand a ransom to restore access.
Make your router a proxy for other criminals to perform criminal activities from your IP address (potentially leaving you to convince the police that you weren’t the source of the criminal activity).
Hack your other devices (moving laterally) which were not accessible from the internet. If successful, this could allow the hacker to install ransomware or cryptominer malware on your other computers at home.

Still think it’s not worth your time to secure your router?

How to protect your router

If you think it’s time to start protecting your router and the devices connected to it, take the following steps.

Understand that your data is valuable. Even if you are not a celebrity or a high-profile politician, it’s still worth a hacker’s time to attack your router. Always see yourself as a potential target. You don’t have to be paranoid, but don’t ignore the risks.
Buy a user-friendly router that has good documentation and a clear user interface and that provides technical support and firmware updates. These routers may cost more, but security is a worthwhile investment.
Do not trust your ISP. ISPs tend to lower maintenance costs by saving on security. If possible, avoid using the router provided by your ISP, or at least unlock and take full control of it (change the default password, disable remote management, remove backdoors, and enable a firewall).
If possible, use WPA3, and protect yourself with a non-dictionary-based password containing at least ten characters. Never use WEP or unencrypted Wi-FI.
Use a VPN on your local devices (laptops, phones, TVs) to encrypt traffic.

You should now understand both the risks of an unsecured router and the actions you can take today to protect it. Stay safe!

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Nord Security 2023